package com.demo.oidc.web;

import org.keycloak.KeycloakPrincipal;
import org.keycloak.representations.AccessToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import java.util.Set;

@RestController
@RequestMapping("")
public class DemoController {
    @GetMapping("/admin")
    public String admin(){
        return "admin role can access";
    }
    @GetMapping("/user")
    public String user(HttpServletRequest request){
        KeycloakPrincipal userPrincipal = (KeycloakPrincipal)request.getUserPrincipal();
        AccessToken token = userPrincipal.getKeycloakSecurityContext().getToken();
        Set<String> roles = token.getRealmAccess().getRoles();
        System.out.printf("roles: %s\n",roles);
        System.out.printf("userName: %s\n",token.getPreferredUsername());
        System.out.printf("uuid/subject: %s\n",token.getSubject());
        // and others
        /**
         * @JsonProperty("nonce")
         *     protected String nonce;
         *     protected Long auth_time;
         *     @JsonProperty("session_state")
         *     protected String sessionState;
         *     @JsonProperty("at_hash")
         *     protected String accessTokenHash;
         *     @JsonProperty("c_hash")
         *     protected String codeHash;
         *     @JsonProperty("name")
         *     protected String name;
         *     @JsonProperty("given_name")
         *     protected String givenName;
         *     @JsonProperty("family_name")
         *     protected String familyName;
         *     @JsonProperty("middle_name")
         *     protected String middleName;
         *     @JsonProperty("nickname")
         *     protected String nickName;
         *     @JsonProperty("preferred_username")
         *     protected String preferredUsername;
         *     @JsonProperty("profile")
         *     protected String profile;
         *     @JsonProperty("picture")
         *     protected String picture;
         *     @JsonProperty("website")
         *     protected String website;
         *     @JsonProperty("email")
         *     protected String email;
         *     @JsonProperty("email_verified")
         *     protected Boolean emailVerified;
         *     @JsonProperty("gender")
         *     protected String gender;
         *     @JsonProperty("birthdate")
         *     protected String birthdate;
         *     @JsonProperty("zoneinfo")
         *     protected String zoneinfo;
         *     @JsonProperty("locale")
         *     protected String locale;
         *     @JsonProperty("phone_number")
         *     protected String phoneNumber;
         *     @JsonProperty("phone_number_verified")
         *     protected Boolean phoneNumberVerified;
         *     @JsonProperty("address")
         *     protected AddressClaimSet address;
         *     @JsonProperty("updated_at")
         *     protected Long updatedAt;
         *     @JsonProperty("claims_locales")
         *     protected String claimsLocales;
         *     @JsonProperty("acr")
         *     protected String acr;
         *     @JsonProperty("s_hash")
         *     protected String stateHash;
         */
        return "user role can access";
    }
}
